AMENDMENTS TO THE CLAIMS AND CLAIM LISTING 



1 . (Amended) A method for authorizing execution of request actions 
transmitted between clients and servers of a data processing system, the method comprising: 

receiving a first message including a set of actions^ and a second message 
including user-requested actions and inputs; 

simulating execution of the set of actions and building a list of allowable 
actions and user-definable inputs to the allowable actions; 

comparing the list of allowable actions and user-definable inputs to the user- 
requested actions and inputs; and 

where the list of allowable actions and user-definable inputs includes the 
user-requested actions and inputs, authorizing execution of the user requested actions. 

2. (Original) The method as set forth in claim 1 , wherein the step of 
simulating comprises identifying all possible actions and inputs to the possible actions 
resulting form an execution of the set of actions at a client. 

3. (Original) The method as set forth in claim 1 , wherein the step of 
simulating comprises invoking and triggering each command, field, user-selectable input 
option and HTTP request within the set of actions. 

4. (Original) The method as set forth in claim 1 , wherein the user-requested 
actions and inputs includes actions and inputs provided during a user session performed in 
response to receipt of the first message at a client. 

5. (Original) The method as set forth in claim 1, comprising: 

during the step of simulating, detecting an input control requesting entry of a 
data value and assigning a unique place holder to represent the data value; and 
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during the step of comparing, matching a pattern of the unique place holder 
to the input received from the user. 

6. (Original) The method as set forth in claim 1, wherein the step of 
simulating comprises: 

detecting an input control requesting selection of one of a plurality of 
predefined data values; and 

interatively selecting one of the plurality of predefined data values and 
continuing simulation of the set of actions and building of the list of allowable actions and 
user-definable inputs with the selected one data value until each of the plurality of 
predefined data values is selected and listed. 

7. (Original) The method as set forth in claim 1, comprising: 

prior to the step of simulating, tracing execution of the set of actions at a 

client; and 

during the step of simulating, providing results of the tracing in response to 
the user-selectable inputs. 

8. (Original) The method as set forth in claim 1, comprising: 
prior to the step of simulating: 

identifying actions within the set of actions of the first message; 

supplementing the first message with actions for tracing input to the 
identified actions; and 

transmitting the supplemented first message to a client; and 
during the set of simulating, providing results of the tracing as user- 
selectable inputs to the identified actions are requested. 
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9. (Original) The method as set forth in claim 8, wherein the results of the 
tracing are included within the second message; 

10. (Original) The method as set forth in claim 8, wherein the results of the 
tracing are included within the second message. 

11 through 15 (Non-elected) 

16. (Original) A method for authorizing execution of requested actions 
transmitted from a client to a server of a client/server data processing system, the method 
performed by a gateway coupled between the client and the server, comprising: 

receiving, from the server, a document including a set of actions; 
simulating execution of the set of actions and building a list of allowable 
actions and user-definable inputs to the allowable actions; 

receiving, from the client, and a message including user-requested actions 

and inputs; 

comparing the list of allowable actions and user-definable inputs to the 
user-requested actions and inputs; and 

where the list of allowable actions and user-definable inputs includes the 
user-requested actions and inputs, transmitting the user-requested actions and inputs to 
the server for execution. 

17. (Original) The method as set forth in claim 16, comprising storing, at 
the gateway, the list of allowable actions and user-definable inputs. 



4 



